rpms/jasper
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import jasper-2.0.14-5.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-10-06 04:19:50 -04:00 committed by Stepan Oksanichenko
parent 29de01a71c
commit 474efb90f7
4 changed files with 93 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
SOURCES/jasper-2.0.14-CVE-2020-27828.patch Normal file
View File

@ -0,0 +1,14 @@
diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
break;
case OPT_MAXRLVLS:
tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+ if(tccp->maxrlvls > JPC_MAXRLVLS) {
+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+ goto error;
+ }
break;
case OPT_SOP:
cp->tcp.csty |= JPC_COD_SOP;

47
SOURCES/jasper-2.0.14-CVE-2021-26927.patch Normal file
View File

@ -0,0 +1,47 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:32:59.330396797 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:46:16.982925961 +0200
@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
the value specified in the code stream? */
if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
jas_image_numcmpts(dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ jas_eprintf("error: number of components mismatch (IHDR)\n");
+ goto error;
}
/* At least one component must be present. */
@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
with the data in the code stream? */
if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
(!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (IHDR)\n");
+ goto error;
}
/* Is the compression type supported? */
@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
if (dec->bpcc) {
/* Is the number of components indicated in the BPCC box
consistent with the code stream data? */
- if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
- dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ if (dec->bpcc->data.bpcc.numcmpts !=
+ JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
+ jas_eprintf("error: number of components mismatch (BPCC)\n");
+ goto error;
}
/* Is the component data type information indicated in the BPCC
box consistent with the code stream data? */
@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
++i) {
if (jas_image_cmptdtype(dec->image, i) !=
JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (BPCC)\n");
+ goto error;
}
}
} else {

18
SOURCES/jasper-2.0.14-CVE-2021-3272.patch Normal file
View File

@ -0,0 +1,18 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:50:54.213552191 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 14:02:40.016274587 +0200
@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
}
}
+ /* Ensure that the number of channels being used by the decoder
+ matches the number of image components. */
+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
+ dec->numchans, jas_image_numcmpts(dec->image));
+ goto error;
+ }
+
/* Mark all components as being of unknown type. */
for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {

15
SPECS/jasper.spec
View File

@ -6,7 +6,7 @@
Summary: Implementation of the JPEG-2000 standard, Part 1 Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper Name: jasper
Version: 2.0.14 Version: 2.0.14
Release: 4%{?dist} Release: 5%{?dist}
License: JasPer License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/ URL: http://www.ece.uvic.ca/~frodo/jasper/
@ -14,6 +14,10 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz
Patch1: jasper-2.0.14-CVE-2016-9396.patch Patch1: jasper-2.0.14-CVE-2016-9396.patch
Patch2: jasper-2.0.14-CVE-2021-26927.patch
Patch3: jasper-2.0.14-CVE-2021-3272.patch
Patch4: jasper-2.0.14-CVE-2020-27828.patch
# architecture related patches # architecture related patches
Patch100: jasper-2.0.2-test-ppc64-disable.patch Patch100: jasper-2.0.2-test-ppc64-disable.patch
Patch101: jasper-2.0.2-test-ppc64le-disable.patch Patch101: jasper-2.0.2-test-ppc64le-disable.patch
@ -62,6 +66,9 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch1 -p1 -b .CVE-2016-9396 %patch1 -p1 -b .CVE-2016-9396
%patch2 -p1 -b .CVE-2021-26927
%patch3 -p1 -b .CVE-2021-3272
%patch4 -p1 -b .CVE-2020-27828
# Need to disable one test to be able to build it on ppc64 arch # Need to disable one test to be able to build it on ppc64 arch
# At ppc64 this test just stuck (nothing happend - no exception or error) # At ppc64 this test just stuck (nothing happend - no exception or error)
@ -136,6 +143,12 @@ popd
%changelog %changelog
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
- Fix CVE-2021-26927 (#1933860)
- Fix CVE-2021-26926 (#1922316)
- Fix CVE-2021-3272 (#1922283)
- Fix CVE-2020-27828 (#1905692)
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4 * Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
- Fix CVE-2016-9396 (#1583722) - Fix CVE-2016-9396 (#1583722)